Connect with us

Biz & IT

Polestar unveils its all-electric response to the Tesla Model 3

Published

on

Volvo’s standalone electric performance brand Polestar introduced Wednesday its first all-electric vehicle — a five-door fastback that is gunning for the Tesla Model 3.

In the past few years, every time an electric vehicle — concept, prototype or production version — has been unveiled, the term “Tesla killer” has been tossed about regardless of whether that car will ever even come to market.

In the case of Polestar 2, it’s unclear if it will be the “Tesla killer.” It’s possible that an entirely new group of customers will be attracted to the vehicle. What is clear: The Polestar 2 was designed to compete with the Tesla Model 3 in the U.S., Europe and China. 

You can watch the reveal on Polestar’s YouTube channel.

The specs

The Polestar 2 is meant to be a performance electric vehicle. It’s equipped with two electric motors and a 78 kilowatt-hour battery pack that has an estimated EPA range of about 275 miles.

The Polestar 2’s all-wheel drive electric powertrain produces 300 kW (an equivalent of 408 horsepower) and 487 lb-ft of torque. This is above the rear-wheel (and currently cheapest) version of the Model 3. It’s just a skosh under the dual-motor performance version of the Model 3, which has an output of 450 horsepower and 471 lb-ft of torque.

The Polestar 2 accelerates from 0 to 100km (about 62 mph) in less than five seconds — again, a stat that puts it right above the mid-range Model 3 and below the performance version.

Android inside

In 2017, Volvo announced plans to incorporate a version of its Android operating system into its car infotainment systems. A year later, the company said it would embed voice-controlled Google Assistant, Google Play Store, Google Maps and other Google services into its next-generation Sensus infotainment system.

Polestar has followed Volvo. The Polestar 2’s infotainment system will be powered by Android OS and, as a result, bring into the car embedded Google services such as Google Assistant, Google Maps and the Google Play Store.

This shouldn’t be confused with Android Auto, which is a secondary interface that lies on top of an operating system. Android OS is modeled after its open-source mobile operating system that runs on Linux. But instead of running smartphones and tablets, Google modified it so it could be used in cars.

The Polestar 2 will also have so-called “Phone-As-Key technology,” which basically means customers will have the ability to unlock their car remotely using their smartphones. This capability opens the door — literally and figuratively — for owners to rent their vehicle out via car sharing or use a delivery service to drop off items in the vehicle.

The feature also allows Polestar 2 to sense the driver upon approach. 

Polestar 2-Interior

Market plans

The base price of Polestar 2 is €39,900 ($45,389), the company says. However, for the first year of production the pricier “launch edition” will only be available at €59,900, or about $68,000. (The prices are listed before any federal or state incentives might be applied.)

The launch edition is essentially a base car with two packages, its advanced driver assistance system called Pilot Assist and Plus Pack.

Production of the Polestar 2 will begin in early 2020 at its Chengdu, China factory. The company is initially targeting sales in China, the U.S., Canada and a handful of European countries that include Belgium, Germany, the Netherlands, Norway, Sweden and the U.K.

Polestar, like its potential rival Tesla, is also ditching the dealership. Polestar will only sell its vehicles online and will offer customers subscriptions to the vehicle. Subscription pricing will be revealed at a later date, Polestar said.

The automaker is also opening “Polestar Spaces,” a showroom where customers can interact with the product and schedule test drives. These spaces will be standalone facilities and not within existing Volvo retailer showrooms. Polestar is planning to have 60 of these spaces open by 2020, including Oslo, Los Angeles and Shanghai.

Polestar was once a high-performance brand under Volvo Cars. In 2017, the company was recast as an electric performance brand aimed at producing exciting and fun-to-drive electric vehicles — a niche that Tesla was the first to fill and has dominated ever since. Polestar is jointly owned by Volvo Car Group and Zhejiang Geely Holding of China. Volvo was acquired by Geely in 2010.

The company’s first vehicle, the Polestar 1, was unveiled in September. The Polestar 1 is not a pure electric vehicle; it’s a plug-in hybrid with two electrical motors powered by three 34 kilowatt-hour battery packs and a turbo and supercharged gas inline 4 up front.

Polestar said Wednesday that its next vehicle, the Polestar 3, will be an all-electric “performance SUV.” The company didn’t provide any additional details about the Polestar 3.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Biz & IT

2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms

Published

on

Getty Images

Malicious hackers, some believed to be state-backed, are actively exploiting two unrelated vulnerabilities—both with severity ratings of 9.8 out of a possible 10—in hopes of infecting sensitive enterprise networks with backdoors, botnet software, and other forms of malware.

The ongoing attacks target unpatched versions of multiple product lines from VMware and of BIG-IP software from F5, security researchers said. Both vulnerabilities give attackers the ability to remotely execute malicious code or commands that run with unfettered root system privileges. The largely uncoordinated exploits appear to be malicious, as opposed to benign scans that attempt to identify vulnerable servers and quantify their number.

First up: VMware

On April 6, VMware disclosed and patched a remote code execution vulnerability tracked as CVE-2022-22954 and a privilege escalation flaw tracked as CVE-2022-22960. According to an advisory published on Wednesday by the Cybersecurity and Infrastructure Security Agency, “malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices.”

CISA said the actors were likely part of an advanced persistent threat, a term for sophisticated and well-financed hacker groups typically backed by a nation-state. Once the hackers have compromised a device, they use their root access to install a webshell known as Dingo J-spy on the networks of at least three organizations.

“According to trusted third-party reporting, threat actors may chain these vulnerabilities. At one compromised organization, on or around April 12, 2022, an unauthenticated actor with network access to the web interface leveraged CVE-2022-22954 to execute an arbitrary shell command as a VMware user,” Wednesday’s advisory stated. “The actor then exploited CVE-2022-22960 to escalate the user’s privileges to root. With root access, the actor could wipe logs, escalate permissions, and move laterally to other systems.”

Independent security researcher Troy Mursch said in a direct message that exploits he’s captured in a honeypot have included payloads for botnet software, webshells, and cryptominers. CISA’s advisory came the same day VMware disclosed and patched two new vulnerabilities. One of the vulnerabilities, CVE-2022-22972, also carries a severity rating of—you guessed it—9.8. The other one, CVE-2022-22973, is rated 7.8.

Given the exploits already underway for the VMware vulnerabilities fixed last month, CISA said it “expects malicious cyber actors to quickly develop a capability to exploit newly released vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products.

BIG-IP also under fire

Meanwhile, enterprise networks are also under attack from hackers exploiting CVE-2022-1388, an unrelated vulnerability with a 9.8 severity rating found in BIG-IP, a software package from F5. Nine days ago, the company disclosed and patched the vulnerability, which hackers can exploit to execute commands that run with root system privileges. The scope and magnitude of the vulnerability prompted marvel and shock in some security circles and earned it a high severity rating.

Within a few days, exploit code became publicly available and almost immediately after that, researchers reported ​​exploit attempts. It wasn’t clear then if blackhats or whitehats carried out the activity.

In more recent days, however, researchers captured thousands of malicious requests that demonstrate a significant portion of the exploits are used for nefarious purposes. In an email, researchers from security firm Greynoise wrote:

Given that the requests involving this exploit require a POST request and result in an unauthenticated command shell on the F5 Big-IP device, we have classified actors using this exploit as malicious. We have observed actors using this exploit through anonymity services such as VPNs or TOR exit nodes in addition to known internet VPS providers.

We expect actors attempting to find vulnerable devices to utilize non-invasive techniques that do not involve a POST request or result in a command shell, which are catalogued in our tag for F5 Big-IP crawlers: https://viz.greynoise.io/tag/f5-big-ip-crawler. This crawler tag did experience a rise in traffic correlated with the release of CVE-2022-1388.

Mursch said that the BIG-IP exploits attempt to install the same trio of webshells, malware for performing distributed denial-of-service attacks, and cryptominers seen in the attacks on unpatched VMware machines. The image below, for instance, shows an attack that attempts to install widely recognized DDoS malware.

Troy Mursch

The following three images show hackers exploiting the vulnerability to execute commands that fish for encryption keys and other types of sensitive data stored on a compromised server.

Troy Mursch

Troy Mursch

Troy Mursch

Given the threat posed by ransomware and nation-state hacking campaigns like the ones used against customers of SolarWinds and Microsoft, the potential damage from these vulnerabilities is substantial. Administrators should prioritize investigating these vulnerabilities on their networks and act accordingly. Advice and guidance from CISA, VMware, and F5 are here,
here, here, and here.

Continue Reading

Biz & IT

New Bluetooth hack can unlock your Tesla—and all kinds of other devices

Published

on

Getty Images

When you use your phone to unlock a Tesla, the device and the car use Bluetooth signals to measure their proximity to each other. Move close to the car with the phone in hand, and the door automatically unlocks. Move away, and it locks. This proximity authentication works on the assumption that the key stored on the phone can only be transmitted when the locked device is within Bluetooth range.

Now, a researcher has devised a hack that allows him to unlock millions of Teslas—and countless other devices—even when the authenticating phone or key fob is hundreds of yards or miles away. The hack, which exploits weaknesses in the Bluetooth Low Energy standard adhered to by thousands of device makers, can be used to unlock doors, open and operate vehicles, and gain unauthorized access to a host of laptops and other security-sensitive devices.

When convenience comes back to bite us

“Hacking into a car from hundreds of miles away tangibly demonstrates how our connected world opens us up to threats from the other side of the country—and sometimes even the other side of the world,” Sultan Qasim Khan, a principal security consultant and researcher at security firm NCC Group, told Ars. “This research circumvents typical countermeasures against remote adversarial vehicle unlocking and changes the way we need to think about the security of Bluetooth Low Energy communications.”

This class of hack is known as a relay attack, a close cousin of the person-in-the-middle attack. In its simplest form, a relay attack requires two attackers. In the case of the locked Tesla, the first attacker, which we’ll call Attacker 1, is in close proximity to the car while it’s out of range of the authenticating phone. Attacker 2, meanwhile, is in close proximity to the legitimate phone used to unlock the vehicle. Attacker 1 and Attacker 2 have an open Internet connection that allows them to exchange data.

Attacker 1 uses her own Bluetooth-enabled device to impersonate the authenticating phone and sends the Tesla a signal, prompting the Tesla to reply with an authentication request. Attacker 1 captures the request and sends it to Attacker 2, who in turn forwards the request to the authenticating phone. The phone responds with a credential, which Attacker 2 promptly captures and relays back to Attacker 1. Attacker 1 then sends the credential to the car.

With that, Attacker 1 has now unlocked the vehicle. Here’s a simplified attack diagram, taken from the above-linked Wikipedia article, followed by a video demonstration of Khan unlocking a Tesla and driving away with it, even though the authorized phone isn’t anywhere nearby.

Wikipedia

NCC Group demo Bluetooth Low Energy link layer relay attack on Tesla Model Y.

Relay attacks in the real world need not have two actual attackers. The relaying device can be stashed in a garden, coat room, or other out-of-the-way place at a home, restaurant, or office. When the target arrives at the destination and moves into Bluetooth range of the stashed device, it retrieves the secret credential and relays it to the device stationed near the car (operated by Attacker 1).

The susceptibility of BLE, short for Bluetooth Low Energy, to relay attacks is well known, so device makers have long relied on countermeasures to prevent the above scenario from occurring. One defense is to measure the flow of the requests and responses and reject authentications when the latency reaches a certain threshold, since relayed communications generally take longer to complete than legitimate ones. Another protection is encrypting the credential sent by the phone.

Khan’s BLE relay attack defeats these mitigations, making such hacks viable against a large base of devices and products previously assumed to be hardened against such attacks.

Continue Reading

Biz & IT

Researchers devise iPhone malware that runs even when device is turned off

Published

on

Classen et al.

When you turn off an iPhone, it doesn’t fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use credit cards and car keys after the battery dies. Now researchers have devised a way to abuse this always-on mechanism to run malware that remains active even when an iPhone appears to be powered down.

It turns out that the iPhone’s Bluetooth chip—which is key to making features like Find My work—has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features when the device is turned off.

This video provides a high overview of some of the ways an attack can work.

[Paper Teaser] Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones

The research is the first—or at least among the first—to study the risk posed by chips running in low-power mode. Not to be confused with iOS’s low-power mode for conserving battery life, the low-power mode (LPM) in this research allows chips responsible for near-field communication, ultra wideband, and Bluetooth to run in a special mode that can remain on for 24 hours after a device is turned off.

“The current LPM implementation on Apple iPhones is opaque and adds new threats,” the researchers wrote in a paper published last week. “Since LPM support is based on the iPhone’s hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the overall iOS security model. To the best of our knowledge, we are the first who looked into undocumented LPM features introduced in iOS 15 and uncover various issues.”

They added: “Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.”

The findings have limited real-world value since infections required a jailbroken iPhone, which in itself is a difficult task, particularly in an adversarial setting. Still, targeting the always-on feature in iOS could prove handy in post-exploit scenarios by malware such as Pegasus, the sophisticated smartphone exploit tool from Israel-based NSO Group, which governments worldwide routinely employ to spy on adversaries.
It may also be possible to infect the chips in the event hackers discover security flaws that are susceptible to over-the-air exploits similar to this one that worked against Android devices.

Besides allowing malware to run while the iPhone is turned off, exploits targeting LPM could also allow malware to operate with much more stealth since LPM allows firmware to conserve battery power. And of course, firmware infections are already extremely difficult to detect since it requires significant expertise and expensive equipment.

The researchers said Apple engineers reviewed their paper before it was published, but company representatives never provided any feedback on its contents. Apple representatives didn’t respond to an email seeking comment for this story.

Ultimately, Find My and other features enabled by LPM help provide added security because they allow users to locate lost or stolen devices and lock or unlock car doors even when batteries are depleted. But the research exposes a double-edged sword that, until now, has gone largely unnoticed.

“Hardware and software attacks similar to the ones described, have been proven practical in a real-world setting, so the topics covered in this paper are timely and practical,” John Loucaides, senior vice president of strategy at firmware security firm Eclypsium. “This is typical for every device. Manufacturers are adding features all the time and with every new feature comes a new attack surface.”

Continue Reading

Trending